A spate of high-profile data breaches may have forced cybersecurity onto the agenda of many corporate boards, but they’re still trying to grasp the dangers posed by advanced persistent threats (APTs).
Corporate boards understand the importance of cybersecurity and have invested in products to defend and protect their organizations. However, when APTs are discussed, security executives struggle to communicate the operational and brand risks associated with these types of attacks.
One possible solution, according to security executives who attended a meeting Cybereason and Lockheed Martin co-hosted this week on interacting with corporate boards, is to take a more pragmatic approach to security.
For example, security executives are realizing that defending the perimeter won’t completely protect their organizations and that controlling users is futile.
“I have to assume there is no ability to put controls on my users,” said an executive from a Fortune 25 health-care company. “And I can’t rely on perimeter defenses. I assume the adversaries are inside.”
The critical role detection and response play in keeping their companies safe was also brought up. However, security executives face several challenges when trying to build a detection program to handle the sophisticated APTs attackers are launching. For instance, there’s a dearth of skilled security professionals who can sift through and analyze the flood of security alerts they receive.
Security professionals mentioned how staff shortages impede their organization’s ability to detect new threat vectors during an October meeting Cybereason and Lockheed Martin co-hosted on how to discuss APTs with corporate boards.
Organizations can supplement their security staff and provide boards with real answers on the perils of APTs by trading manual threat detection for automated detection.